Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Parse RSA parameters DP, DQ and QP from PKCS1 private keys #352

Merged
merged 4 commits into from
Jan 31, 2020
Merged

Parse RSA parameters DP, DQ and QP from PKCS1 private keys #352

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
80cc811
Parse RSA parameters DP, DQ and QP from PKCS1 private keys
jack-fortanix Jan 22, 2020
8c2631b
Address review comments
jack-fortanix Jan 23, 2020
6023975
Avoid memory leak when RSA-CRT is not enabled in build
jack-fortanix Jan 27, 2020
2e9eef4
Final review comments
jack-fortanix Jan 28, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 21 additions & 6 deletions library/pkparse.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -769,14 +769,29 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
goto cleanup;
p += len;

/* Complete the RSA private key */
if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 )
/* Import DP */
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we please add a comment here as a reminder for the future to ensure that nobody "optimises" this code out?

Basically explaining that although we could compute these values, we choose not to because this way it is faster and reduces the attack surface exposed to side channel attacks.

if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
( ret = mbedtls_mpi_read_binary( &rsa->DP, p, len ) ) != 0 )
goto cleanup;
p += len;

/* Check optional parameters */
if( ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 )
/* Import DQ */
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
( ret = mbedtls_mpi_read_binary( &rsa->DQ, p, len ) ) != 0 )
goto cleanup;
p += len;

/* Import QP */
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_INTEGER ) ) != 0 ||
( ret = mbedtls_mpi_read_binary( &rsa->QP, p, len ) ) != 0 )
goto cleanup;
p += len;

/* Complete the RSA private key */
if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 )
goto cleanup;

if( p != end )
Expand Down
8 changes: 6 additions & 2 deletions library/rsa.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -249,7 +249,7 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv,
int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
{
int ret = 0;
int have_N, have_P, have_Q, have_D, have_E;
int have_N, have_P, have_Q, have_D, have_E, have_DP, have_DQ, have_QP;
int n_missing, pq_missing, d_missing, is_pub, is_priv;

RSA_VALIDATE_RET( ctx != NULL );
Expand All @@ -259,6 +259,10 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 );
have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 );
have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 );
have_DP = ( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) != 0 );
have_DQ = ( mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) != 0 );
have_QP = ( mbedtls_mpi_cmp_int( &ctx->QP, 0 ) != 0 );


/*
* Check whether provided parameters are enough
Expand Down Expand Up @@ -325,7 +329,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
*/

#if !defined(MBEDTLS_RSA_NO_CRT)
if( is_priv )
if( is_priv && !(have_DP && have_DQ && have_QP))
jack-fortanix marked this conversation as resolved.
Show resolved Hide resolved
{
ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
&ctx->DP, &ctx->DQ, &ctx->QP );
Expand Down